cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*
The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.
Max CVSS
4.3
Published
2014-12-11
Updated
2016-12-22
EPSS
0.25%
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method.
Max CVSS
4.3
Published
2014-12-11
Updated
2016-12-22
EPSS
0.25%
Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.
Max CVSS
6.8
Published
2014-12-11
Updated
2016-12-22
EPSS
0.64%
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!